Skip to main content
此產品有較新版本可以使用。
本繁體中文版使用機器翻譯,譯文僅供參考,若與英文版本牴觸,應以英文版本為準。

使用標準程序安裝Astra Control Center

貢獻者
PDF

若要安裝Astra Control Center、請從NetApp支援網站下載安裝套件、並執行下列步驟、在您的環境中安裝Astra Control Center操作員和Astra Control Center。您可以使用此程序、在連線網際網路或無線環境中安裝Astra Control Center。

對於Red Hat OpenShift環境、您也可以使用 "替代程序" 使用OpenShift作業系統集線器安裝Astra Control Center。

您需要的產品
關於這項工作

Astra Control Center安裝程序會執行下列作業:

  • 將Astra元件安裝到「NetApp-acc」(或自訂命名)命名空間。

  • 建立預設帳戶。

  • 為此Astra Control Center執行個體建立預設的管理使用者電子郵件地址和預設的一次性密碼「ACC-<UUUID__of_installation_>」。此使用者被指派系統中的擁有者角色、第一次登入UI時即需要此角色。

  • 協助您判斷所有Astra Control Center Pod都在執行中。

  • 安裝Astra UI。

註 如果您使用的是Red Hat的Podman、而非Docker Engine、則可使用Podman命令來取代Docker命令。
重要 請勿在整個安裝程序期間執行下列命令、以免刪除所有Astra Control Center Pod:「kubecl DELETE -f Astra _control_center_oper_deploy。yaml」
步驟

若要安裝Astra Control Center、請執行下列步驟:

執行以完成部署 "設定工作"

下載Astra Control Center套裝組合

  1. 請從下載Astra Control Center套裝組合(「Astra控制中心-[版本].tar.gz」) "NetApp 支援網站"

  2. 從下載Astra Control Center認證與金鑰的壓縮檔 "NetApp 支援網站"

  3. (可選)使用以下命令驗證套件的簽名:

    openssl dgst -sha256 -verify astra-control-center[version].pub -signature <astra-control-center[version].sig astra-control-center[version].tar.gz

解壓縮套件並變更目錄

  1. 擷取影像:

    tar -vxzf astra-control-center-[version].tar.gz

  2. 變更至Astra目錄。

    cd astra-control-center-[version]

將映像新增至本機登錄

  1. 將Astra Control Center映像目錄中的檔案新增至本機登錄。

    註 請參閱以下自動載入影像的範例指令碼。

    1. 登入您的登錄:

      Docker:

      docker login [your_registry_path]

      Podcast:

      podman login [your_registry_path]

    2. 使用適當的指令碼來載入映像、標記映像、並[Subforte_image_local_register_pip]將映像推送到本機登錄:

      Docker:

      export REGISTRY=[Docker_registry_path]
for astraImageFile in $(ls images/*.tar) ; do
  # Load to local cache. And store the name of the loaded image trimming the 'Loaded images: '
  astraImage=$(docker load --input ${astraImageFile} | sed 's/Loaded image: //')
  astraImage=$(echo ${astraImage} | sed 's!localhost/!!')
  # Tag with local image repo.
  docker tag ${astraImage} ${REGISTRY}/${astraImage}
  # Push to the local repo.
  docker push ${REGISTRY}/${astraImage}
done

      Podcast:

    export REGISTRY=[Registry_path]
for astraImageFile in $(ls images/*.tar) ; do
  # Load to local cache. And store the name of the loaded image trimming the 'Loaded images: '
  astraImage=$(podman load --input ${astraImageFile} | sed 's/Loaded image(s): //')
  astraImage=$(echo ${astraImage} | sed 's!localhost/!!')
  # Tag with local image repo.
  podman tag ${astraImage} ${REGISTRY}/${astraImage}
  # Push to the local repo.
  podman push ${REGISTRY}/${astraImage}
done

設定具有驗證需求之登錄的命名空間和機密

  1. 如果您使用需要驗證的登錄、則需要執行下列動作:

    1. 建立「NetApp-acc operator:

      kubectl create ns netapp-acc-operator

      回應:

      namespace/netapp-acc-operator created

    2. 建立「NetApp-acc operator」命名空間的秘密。新增Docker資訊並執行下列命令:

      kubectl create secret docker-registry astra-registry-cred -n netapp-acc-operator --docker-server=[your_registry_path] --docker-username=[username] --docker-password=[token]

      回應範例:

      secret/astra-registry-cred created

    3. 建立「NetApp-acc」(或自訂命名)命名空間。

      kubectl create ns [netapp-acc or custom namespace]

      回應範例:

      namespace/netapp-acc created

    4. 為「NetApp-acc」(或自訂命名)命名空間建立秘密。新增Docker資訊並執行下列命令:

      kubectl create secret docker-registry astra-registry-cred -n [netapp-acc or custom namespace] --docker-server=[your_registry_path] --docker-username=[username] --docker-password=[token]

      回應

    secret/astra-registry-cred created

安裝Astra Control Center操作員

  1. 編輯Astra Control Center營運者部署Yaml(「Astra _control_center_operer_deploy」、以參照您的本機登錄和機密。

    vim astra_control_center_operator_deploy.yaml

    1. 如果您使用需要驗證的登錄、請將預設行「imagePullSecrets:[]」改為:

      imagePullSecrets:
- name: <name_of_secret_with_creds_to_local_registry>

    2. 將「kube-RBAC代理」映像的「[your _register_path]」變更為您將映像推入的登錄路徑 上一步

    3. 將「acc oper-manager-manager」映像的「[your _register_path]」變更為您將映像推入的登錄路徑 上一步

    4. (若為使用Astra Data Store預覽的安裝)請參閱此已知問題 "儲存類別資源配置工具、以及您需要對Y反 洗錢進行的其他變更"

      apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    control-plane: controller-manager
  name: acc-operator-controller-manager
  namespace: netapp-acc-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      labels:
        control-plane: controller-manager
    spec:
      containers:
      - args:
        - --secure-listen-address=0.0.0.0:8443
        - --upstream=http://127.0.0.1:8080/
        - --logtostderr=true
        - --v=10
        image: [your_registry_path]/kube-rbac-proxy:v4.8.0
        name: kube-rbac-proxy
        ports:
        - containerPort: 8443
          name: https
      - args:
        - --health-probe-bind-address=:8081
        - --metrics-bind-address=127.0.0.1:8080
        - --leader-elect
        command:
        - /manager
        env:
        - name: ACCOP_LOG_LEVEL
          value: "2"
        image: [your_registry_path]/acc-operator:[version x.y.z]
        imagePullPolicy: IfNotPresent
      imagePullSecrets: []

  2. 安裝Astra Control Center操作員:

    kubectl apply -f astra_control_center_operator_deploy.yaml

    回應範例:

    namespace/netapp-acc-operator created
customresourcedefinition.apiextensions.k8s.io/astracontrolcenters.astra.netapp.io created
role.rbac.authorization.k8s.io/acc-operator-leader-election-role created
clusterrole.rbac.authorization.k8s.io/acc-operator-manager-role created
clusterrole.rbac.authorization.k8s.io/acc-operator-metrics-reader created
clusterrole.rbac.authorization.k8s.io/acc-operator-proxy-role created
rolebinding.rbac.authorization.k8s.io/acc-operator-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/acc-operator-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/acc-operator-proxy-rolebinding created
configmap/acc-operator-manager-config created
service/acc-operator-controller-manager-metrics-service created
deployment.apps/acc-operator-controller-manager created

設定Astra控制中心

  1. 編輯Astra Control Center自訂資源(CR)檔案(「Astra_control_center_min.yaml」)、以建立帳戶、AutoSupport 供參考、登錄及其他必要的組態:

    註 如果您的環境需要額外的自訂功能、您可以使用「Astra_control_center.yaml」作為替代的CR。「Astra_control_center_min.yaml」是預設的CR、適用於大部分的安裝。 
    vim astra_control_center_min.yaml
    註 在初始Astra Control Center部署之後、無法變更由CR設定的內容。
    重要 如果您使用不需要授權的登錄、則必須刪除「imageRegistry」中的「秘密」行、否則安裝將會失敗。

    1. 將「[your _register_path](您的登錄路徑)」變更為您在上一個步驟中推送影像的登錄路徑。

    2. 將「帳戶名稱」字串變更為您要與帳戶建立關聯的名稱。

    3. 將「astraAddress」字串變更為您要在瀏覽器中用來存取Astra的FQDN。請勿在地址中使用「http://」或「https://」。複製此FQDN以供在中使用 後續步驟

    4. 將「電子郵件」字串變更為預設的初始系統管理員地址。複製此電子郵件地址以供在中使用 後續步驟

    5. 如果網站沒有網際網路連線、請將AutoSupport 「已註冊」改為「假」、否則連線網站則保留「真」。

    6. (選用)新增與帳戶相關之使用者的名字「firstName」和姓氏「lastName」。您可以在UI中立即或稍後執行此步驟。

    7. (可選)如果安裝需要、請將「儲存類別」值變更為另一個Astra Trident StorageClass資源。

    8. (若為使用Astra Data Store預覽的安裝)請參閱此已知問題 "其他必要變更" 至Yaml。

    apiVersion: astra.netapp.io/v1
kind: AstraControlCenter
metadata:
  name: astra
spec:
  accountName: "Example"
  astraVersion: "ASTRA_VERSION"
  astraAddress: "astra.example.com"
  autoSupport:
    enrolled: true
  email: "[admin@example.com]"
  firstName: "SRE"
  lastName: "Admin"
  imageRegistry:
    name: "[your_registry_path]"
    secret: "astra-registry-cred"
  storageClass: "ontap-gold"

完整的Astra控制中心和操作員安裝

  1. 如果您尚未在上一步中執行此操作、請建立「NetApp-acc」(或自訂)命名空間:

    kubectl create ns [netapp-acc or custom namespace]

    回應範例:

    namespace/netapp-acc created

  2. 在「NetApp-acc」(或您的自訂)命名空間中安裝Astra Control Center:

    kubectl apply -f astra_control_center_min.yaml -n [netapp-acc or custom namespace]

    回應範例:

    astracontrolcenter.astra.netapp.io/astra created

驗證系統狀態

註 如果您偏好使用OpenShift、您可以使用相似的相關命令來進行驗證步驟。

  1. 驗證是否已成功安裝所有系統元件。

    kubectl get pods -n [netapp-acc or custom namespace]

    每個Pod的狀態應為「執行中」。部署系統Pod可能需要幾分鐘的時間。

    回應範例:

    NAME                                       READY   STATUS    RESTARTS   AGE
acc-helm-repo-5f75c5f564-bzqmt             1/1     Running   0          11m
activity-6b8f7cccb9-mlrn4                  1/1     Running   0          9m2s
api-token-authentication-6hznt             1/1     Running   0          8m50s
api-token-authentication-qpfgb             1/1     Running   0          8m50s
api-token-authentication-sqnb7             1/1     Running   0          8m50s
asup-5578bbdd57-dxkbp                      1/1     Running   0          9m3s
authentication-56bff4f95d-mspmq            1/1     Running   0          7m31s
bucketservice-6f7968b95d-9rrrl             1/1     Running   0          8m36s
cert-manager-5f6cf4bc4b-82khn              1/1     Running   0          6m19s
cert-manager-cainjector-76cf976458-sdrbc   1/1     Running   0          6m19s
cert-manager-webhook-5b7896bfd8-2n45j      1/1     Running   0          6m19s
cloud-extension-749d9f684c-8bdhq           1/1     Running   0          9m6s
cloud-insights-service-7d58687d9-h5tzw     1/1     Running   2          8m56s
composite-compute-968c79cb5-nv7l4          1/1     Running   0          9m11s
composite-volume-7687569985-jg9gg          1/1     Running   0          8m33s
credentials-5c9b75f4d6-nx9cz               1/1     Running   0          8m42s
entitlement-6c96fd8b78-zt7f8               1/1     Running   0          8m28s
features-5f7bfc9f68-gsjnl                  1/1     Running   0          8m57s
fluent-bit-ds-h88p7                        1/1     Running   0          7m22s
fluent-bit-ds-krhnj                        1/1     Running   0          7m23s
fluent-bit-ds-l5bjj                        1/1     Running   0          7m22s
fluent-bit-ds-lrclb                        1/1     Running   0          7m23s
fluent-bit-ds-s5t4n                        1/1     Running   0          7m23s
fluent-bit-ds-zpr6v                        1/1     Running   0          7m22s
graphql-server-5f5976f4bd-vbb4z            1/1     Running   0          7m13s
identity-56f78b8f9f-8h9p9                  1/1     Running   0          8m29s
influxdb2-0                                1/1     Running   0          11m
krakend-6f8d995b4d-5khkl                   1/1     Running   0          7m7s
license-5b5db87c97-jmxzc                   1/1     Running   0          9m
login-ui-57b57c74b8-6xtv7                  1/1     Running   0          7m10s
loki-0                                     1/1     Running   0          11m
monitoring-operator-9dbc9c76d-8znck        2/2     Running   0          7m33s
nats-0                                     1/1     Running   0          11m
nats-1                                     1/1     Running   0          10m
nats-2                                     1/1     Running   0          10m
nautilus-6b9d88bc86-h8kfb                  1/1     Running   0          8m6s
nautilus-6b9d88bc86-vn68r                  1/1     Running   0          8m35s
openapi-b87d77dd8-5dz9h                    1/1     Running   0          9m7s
polaris-consul-consul-5ljfb                1/1     Running   0          11m
polaris-consul-consul-s5d5z                1/1     Running   0          11m
polaris-consul-consul-server-0             1/1     Running   0          11m
polaris-consul-consul-server-1             1/1     Running   0          11m
polaris-consul-consul-server-2             1/1     Running   0          11m
polaris-consul-consul-twmpq                1/1     Running   0          11m
polaris-mongodb-0                          2/2     Running   0          11m
polaris-mongodb-1                          2/2     Running   0          10m
polaris-mongodb-2                          2/2     Running   0          10m
polaris-ui-84dc87847f-zrg8w                1/1     Running   0          7m12s
polaris-vault-0                            1/1     Running   0          11m
polaris-vault-1                            1/1     Running   0          11m
polaris-vault-2                            1/1     Running   0          11m
public-metrics-657698b66f-67pgt            1/1     Running   0          8m47s
storage-backend-metrics-6848b9fd87-w7x8r   1/1     Running   0          8m39s
storage-provider-5ff5868cd5-r9hj7          1/1     Running   0          8m45s
telegraf-ds-dw4hg                          1/1     Running   0          7m23s
telegraf-ds-k92gn                          1/1     Running   0          7m23s
telegraf-ds-mmxjl                          1/1     Running   0          7m23s
telegraf-ds-nhs8s                          1/1     Running   0          7m23s
telegraf-ds-rj7lw                          1/1     Running   0          7m23s
telegraf-ds-tqrkb                          1/1     Running   0          7m23s
telegraf-rs-9mwgj                          1/1     Running   0          7m23s
telemetry-service-56c49d689b-ffrzx         1/1     Running   0          8m42s
tenancy-767c77fb9d-g9ctv                   1/1     Running   0          8m52s
traefik-5857d87f85-7pmx8                   1/1     Running   0          6m49s
traefik-5857d87f85-cpxgv                   1/1     Running   0          5m34s
traefik-5857d87f85-lvmlb                   1/1     Running   0          4m33s
traefik-5857d87f85-t2xlk                   1/1     Running   0          4m33s
traefik-5857d87f85-v9wpf                   1/1     Running   0          7m3s
trident-svc-595f84dd78-zb8l6               1/1     Running   0          8m54s
vault-controller-86c94fbf4f-krttq          1/1     Running   0          9m24s

  2. (選用)若要確保安裝完成、您可以使用下列命令來查看「acc operator」記錄。

    kubectl logs deploy/acc-operator-controller-manager -n netapp-acc-operator -c manager -f

  3. 當所有Pod都在執行時、請擷取由Astra Control Center營運者安裝的「適用鍵盤」執行個體、以驗證安裝是否成功。

    kubectl get acc -o yaml -n [netapp-acc or custom namespace]

  4. 請查看回應中的「tatus.deploymentState`」欄位、以取得「部署」值。如果部署失敗、則會改為顯示錯誤訊息。

    註 您將在下一步中使用「uuid」。 
    name: astra
   namespace: netapp-acc
   resourceVersion: "104424560"
   selfLink: /apis/astra.netapp.io/v1/namespaces/netapp-acc/astracontrolcenters/astra
   uid: 9aa5fdae-4214-4cb7-9976-5d8b4c0ce27f
 spec:
   accountName: Example
   astraAddress: astra.example.com
   astraVersion: 21.12.60
   autoSupport:
     enrolled: true
     url: https://support.netapp.com/asupprod/post/1.0/postAsup
   crds: {}
   email: admin@example.com
   firstName: SRE
   imageRegistry:
     name: registry_name/astra
     secret: astra-registry-cred
   lastName: Admin
 status:
   accConditionHistory:
     items:
     - astraVersion: 21.12.60
       condition:
         lastTransitionTime: "2021-11-23T02:23:59Z"
         message: Deploying is currently in progress.
         reason: InProgress
         status: "False"
         type: Ready
       generation: 2
       observedSpec:
         accountName: Example
         astraAddress: astra.example.com
         astraVersion: 21.12.60
         autoSupport:
           enrolled: true
           url: https://support.netapp.com/asupprod/post/1.0/postAsup
         crds: {}
         email: admin@example.com
         firstName: SRE
         imageRegistry:
           name: registry_name/astra
           secret: astra-registry-cred
         lastName: Admin
       timestamp: "2021-11-23T02:23:59Z"
     - astraVersion: 21.12.60
       condition:
         lastTransitionTime: "2021-11-23T02:23:59Z"
         message: Deploying is currently in progress.
         reason: InProgress
         status: "True"
         type: Deploying
       generation: 2
       observedSpec:
         accountName: Example
         astraAddress: astra.example.com
         astraVersion: 21.12.60
         autoSupport:
           enrolled: true
           url: https://support.netapp.com/asupprod/post/1.0/postAsup
         crds: {}
         email: admin@example.com
         firstName: SRE
         imageRegistry:
           name: registry_name/astra
           secret: astra-registry-cred
         lastName: Admin
       timestamp: "2021-11-23T02:23:59Z"
     - astraVersion: 21.12.60
       condition:
         lastTransitionTime: "2021-11-23T02:29:41Z"
         message: Post Install was successful
         observedGeneration: 2
         reason: Complete
         status: "True"
         type: PostInstallComplete
       generation: 2
       observedSpec:
         accountName: Example
         astraAddress: astra.example.com
         astraVersion: 21.12.60
         autoSupport:
           enrolled: true
           url: https://support.netapp.com/asupprod/post/1.0/postAsup
         crds: {}
         email: admin@example.com
         firstName: SRE
         imageRegistry:
           name: registry_name/astra
           secret: astra-registry-cred
         lastName: Admin
       timestamp: "2021-11-23T02:29:41Z"
     - astraVersion: 21.12.60
       condition:
         lastTransitionTime: "2021-11-23T02:29:41Z"
         message: Deploying succeeded.
         reason: Complete
         status: "False"
         type: Deploying
       generation: 2
       observedGeneration: 2
       observedSpec:
         accountName: Example
         astraAddress: astra.example.com
         astraVersion: 21.12.60
         autoSupport:
           enrolled: true
           url: https://support.netapp.com/asupprod/post/1.0/postAsup
         crds: {}
         email: admin@example.com
         firstName: SRE
         imageRegistry:
           name: registry_name/astra
           secret: astra-registry-cred
         lastName: Admin
       observedVersion: 21.12.60
       timestamp: "2021-11-23T02:29:41Z"
     - astraVersion: 21.12.60
       condition:
         lastTransitionTime: "2021-11-23T02:29:41Z"
         message: Astra is deployed
         reason: Complete
         status: "True"
         type: Deployed
       generation: 2
       observedGeneration: 2
       observedSpec:
         accountName: Example
         astraAddress: astra.example.com
         astraVersion: 21.12.60
         autoSupport:
           enrolled: true
           url: https://support.netapp.com/asupprod/post/1.0/postAsup
         crds: {}
         email: admin@example.com
         firstName: SRE
         imageRegistry:
           name: registry_name/astra
           secret: astra-registry-cred
         lastName: Admin
       observedVersion: 21.12.60
       timestamp: "2021-11-23T02:29:41Z"
     - astraVersion: 21.12.60
       condition:
         lastTransitionTime: "2021-11-23T02:29:41Z"
         message: Astra is deployed
         reason: Complete
         status: "True"
         type: Ready
       generation: 2
       observedGeneration: 2
       observedSpec:
         accountName: Example
         astraAddress: astra.example.com
         astraVersion: 21.12.60
         autoSupport:
           enrolled: true
           url: https://support.netapp.com/asupprod/post/1.0/postAsup
         crds: {}
         email: admin@example.com
         firstName: SRE
         imageRegistry:
           name: registry_name/astra
           secret: astra-registry-cred
         lastName: Admin
       observedVersion: 21.12.60
       timestamp: "2021-11-23T02:29:41Z"
   certManager: deploy
   cluster:
     type: OCP
     vendorVersion: 4.7.5
     version: v1.20.0+bafe72f
   conditions:
   - lastTransitionTime: "2021-12-08T16:19:55Z"
     message: Astra is deployed
     reason: Complete
     status: "True"
     type: Ready
   - lastTransitionTime: "2021-12-08T16:19:55Z"
     message: Deploying succeeded.
     reason: Complete
     status: "False"
     type: Deploying
   - lastTransitionTime: "2021-12-08T16:19:53Z"
     message: Post Install was successful
     observedGeneration: 2
     reason: Complete
     status: "True"
     type: PostInstallComplete
   - lastTransitionTime: "2021-12-08T16:19:55Z"
     message: Astra is deployed
     reason: Complete
     status: "True"
     type: Deployed
   deploymentState: Deployed
   observedGeneration: 2
   observedSpec:
     accountName: Example
     astraAddress: astra.example.com
     astraVersion: 21.12.60
     autoSupport:
       enrolled: true
       url: https://support.netapp.com/asupprod/post/1.0/postAsup
     crds: {}
     email: admin@example.com
     firstName: SRE
     imageRegistry:
       name: registry_name/astra
       secret: astra-registry-cred
     lastName: Admin
   observedVersion: 21.12.60
   postInstall: Complete
   uuid: 9aa5fdae-4214-4cb7-9976-5d8b4c0ce27f
kind: List
metadata:
 resourceVersion: ""
 selfLink: ""

  5. 若要取得登入Astra Control Center時使用的一次性密碼、請從上一步的回應中複製「stats.uuid」值。密碼為「ACC-」、後面接著UUID值(「ACC-[UUUID]」、或在本範例中為「ACC-c49008a5-4ef1-4c5d-a53e-830daf9941116」)。

登入Astra Control Center UI

安裝Astra Control Center之後、您將變更預設管理員的密碼、並登入Astra Control Center UI儀表板。

步驟

  1. 在瀏覽器中、輸入您在「Astra Address」(astrAddress)中使用的FQDN、位於「Astra控制中心_min.yaml」(當)字段中 您安裝了Astra Control Center

  2. 出現提示時、請接受自我簽署的憑證。

    註 您可以在登入後建立自訂憑證。

  3. 在Astra Control Center登入頁面中、輸入您在「Astra Control Center_min.yaml」CR中使用的「電子郵件」值 您安裝了Astra Control Center,然後是一次性密碼(「ACC-[UUUID]」)。

    註 如果您輸入錯誤密碼三次、系統將鎖定管理員帳戶15分鐘。

  4. 選擇*登入*。

  5. 出現提示時變更密碼。

    註 如果這是您第一次登入、但您忘記密碼、而且尚未建立其他管理使用者帳戶、請聯絡NetApp支援部門以取得密碼恢復協助。

  6. (選用)移除現有的自我簽署TLS憑證、並以取代 "由憑證授權單位(CA)簽署的自訂TLS憑證"

疑難排解安裝

如果有任何服務處於「錯誤」狀態、您可以檢查記錄。尋找400到500範圍內的API回應代碼。這些都表示發生故障的地點。

步驟

  1. 若要檢查Astra控制中心的操作員記錄、請輸入下列內容:

    kubectl logs --follow -n netapp-acc-operator $(kubectl get pods -n netapp-acc-operator -o name)  -c manager

下一步

執行以完成部署 "設定工作"